Error detecting AES using polynomial residue number systems

A new method using polynomial residue number systems (PRNS) is introduced in this paper to protect the Advanced Encryption Standard (AES) against fault attacks. By using PRNS, the byte-based AES operations over GF(2^8) are decomposed into several parallel operations on their residues over smaller fields. Three GF(2^4) irreducible polynomials are selected as the moduli set of the chosen PRNS, including one redundant modulus that provides error detection. Three GF(2^4) AES cores are constructed individually, one per modulus. This PRNS architecture brings several advantageous features to the AES design from the standpoint of resistance to side-channel analysis. Firstly, for each 8-bit GF(2^8) element, the implementation is capable of detecting errors of up to 4 bits that occur within a single GF(2^4) AES core. Secondly, because the PRNS operations are data-independent of one another, the distributed PRNS AES cores have an intrinsic resistance against probing attacks. In addition, the introduction of redundant information and the replacement of the original representation by the residue representation add more confusion to the system, which may further enhance the design's security. To the authors' knowledge, this is the world's first PRNS AES implementation. Two different architectures for implementing the proposed error-detecting AES are demonstrated and supported by actual hardware implementation results on FPGA.
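The residue decomposition and redundant-modulus consistency check described above, as an added worked example (not the paper's own code or architecture). It assumes the three irreducible degree-4 polynomials over GF(2) as the moduli set, since the abstract does not name the paper's concrete choice, and it covers only the conversion into residues, residue-domain addition and the check that flags a corrupted residue; residue-domain multiplication needs the paper's handling of the dynamic range and is not shown.

```python
# Polynomials over GF(2) are held as Python ints: bit i is the coefficient of x^i.
# Assumed moduli set: the three irreducible degree-4 polynomials over GF(2).
# Any two of them already determine a degree < 8 element; the third is redundant.
M1 = 0b10011   # x^4 + x + 1
M2 = 0b11001   # x^4 + x^3 + 1
M3 = 0b11111   # x^4 + x^3 + x^2 + x + 1  (redundant modulus)
MODULI = (M1, M2, M3)

def deg(p):
    return p.bit_length() - 1

def pmod(a, m):
    """Remainder of a modulo m in GF(2)[x] (shift-and-XOR long division)."""
    dm = deg(m)
    while a and deg(a) >= dm:
        a ^= m << (deg(a) - dm)
    return a

def pmul(a, b):
    """Carry-less product of two GF(2)[x] polynomials."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def to_prns(p):
    """Decompose a GF(2^8) element (int 0..255) into its three GF(2^4) residues."""
    return tuple(pmod(p, m) for m in MODULI)

def pinv(a, m):
    """Inverse of a modulo an irreducible m of degree 4: only 15 nonzero candidates."""
    for c in range(1, 1 << deg(m)):
        if pmod(pmul(a, c), m) == 1:
            return c
    raise ValueError("no inverse")

def crt2(r1, r2, m1, m2):
    """Garner-style CRT: recover p (deg < 8) from residues mod m1 and mod m2."""
    t = pmod(pmul(r1 ^ r2, pinv(pmod(m1, m2), m2)), m2)   # t = (r2 - r1) * m1^-1 mod m2
    return r1 ^ pmul(m1, t)                                # p = r1 + m1 * t

def prns_add(ra, rb):
    """Residue-domain addition: each core XORs its own residues, no cross-core data."""
    return tuple(x ^ y for x, y in zip(ra, rb))

def check(residues):
    """Rebuild the byte from the two information cores and verify the redundant core."""
    r1, r2, r3 = residues
    p = crt2(r1, r2, M1, M2)
    return p, pmod(p, M3) == r3

def inject_fault(residues, core, err):
    """Constructed fault model: XOR an error pattern (up to 4 bits) into one core's residue."""
    return tuple(r ^ err if i == core else r for i, r in enumerate(residues))
```

Because a corrupted residue and the genuine one differ by a nonzero polynomial of degree below 8 that would have to be divisible by two degree-4 moduli, every single-core fault, whatever its bit pattern, fails the check.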
